Tech Talk

Gintaras Radauskas Senior journalist Updated on: July 11, 2024 7:52 AM

Vilius Petkauskas Deputy Editor Updated on: July 11, 2024 9:19 AM

New Paragraph

Techsavvi at Work One of our clients was struggling to get reliable internet speeds, they had reached out to ISP for solutions, but they were not able to make any progress. Their internet speeds averaged 1.5 Mbps. They reached out to the Techsavvi Team. We were able to walk them through a step-by-step process that allowed us to pinpoint the issue and boost their speeds significantly. Now their operation is reaching industry standards at 90 Mbps. This improvement came without purchasing new services from MSP and at no additional cost to their business.

Techsavvi at Work Techsavvi works tirelessly, focused on client relations and improving the overall posturing of our clients networks. We recently enabled a client to getting better Internet speeds. with no additional cost to the client and no new services from their ISP. They were elated with seeing their speeds jump from 1.5 Mbs to and an average of 90 Mbs.

By SHARON D. NELSON, JOHN W. SIMEK, AND MICHAEL C. MASCHKE It’s been a very bad year for law firms. Not only were many law firms breached — and some from BigLaw — but the class action attorneys also have apparently discovered there is money to be made from class action lawsuits against breached law firms. It seemed like a good time to talk about foolish things that law firms and lawyers do that amount to an engraved “breach me” invitation to cybercriminals. No. 1: They Don’t Adopt Multifactor Authentication (MFA) As all lawyers know, there is an inconvenience factor to adopting MFA. And an amazing number of lawyers resist the very minor inconvenience of having to authenticate themselves twice, first entering their password (something they know) and then authenticating again via something they have (i.e. an app on their phone) or using biometrics. According to Microsoft, the adoption of MFA will prevent 99.9% of account takeovers. We have seen multiple law firms refuse MFA (groaning about its inconvenience) only to suffer account takeovers. They sure were anxious to adopt MFA after the breach. D’oh. No. 2: They Don’t Have Multiple Backups Most importantly, you must have more than one backup — and one of the backups should not be connected to your network. The first thing cybercriminals will do after breaching your network is to break into any accessible backups so you cannot recover from the breach without paying the ransom. Also, make sure your cloud backup has multiple versions and doesn’t only sync the contents of the local backup. Encrypting the local backup shouldn’t replicate so that your cloud backups are encrypted too. It is also important to recognize that, while having your data in the cloud is not a guarantee that you won’t be breached, your data is infinitely safer in the cloud. While there have been cloud breaches, MOST of them have happened because an employee of yours misconfigured something in the cloud. We’re down to only two clients who have their data on-premise — one is stubborn — and we feel for the other because that law firm is commanded by a major client to have the data onsite. The cloud is where it’s all happening these days. If you cling to the past, you do yourself no favors — and note that some IT folks will encourage staying with an on-premise solution because they make more money that way. No. 3: They Skimp on Employee Training Law firm employees are your first line of defense. Endless phishing emails (which have gotten more sophisticated thanks to artificial intelligence) and social engineering are dire threats. So why wouldn’t you train employees to recognize these kinds of attacks — and offer them as many different examples as possible of those attacks and others? And yet most law firms, particularly the solo/small/midsized firms, do not offer this training. The cost of an annual cybersecurity training online session is modest — the cost of a data breach is immense. Tip: get a reference from a fellow lawyer about cybersecurity firms who do good employee training at a reasonable fee. No. 4: They Don’t Have An Adequate Plan An incident response plan (IRP) may salvage your firm in the event of a breach, and yet only 42% of firms have one. And we’re pretty sure that many of the IRPs that do exist are either outdated or not quite up to snuff. Get some help from a cybersecurity professional who is accustomed to drafting these plans. Minus a thorough plan, after a breach you will haplessly do all sorts of things that are wrong, done in the incorrect order, etc. Remember, there are penalties (lots of them) for not handling a breach correctly and reporting it timely. And did we mention the ethics rules? No.5: They Trust Without Verifying Don’t trust your employees. Why? Because they take your data when they go to another firm. You see that in the headlines regularly. You also often see law firm bookkeepers embezzle money. Just do a search and you will see the necessity of having someone audit your books. Hopefully, you do not allow sharing of passwords. But employees do it anyway. The usual excuse is that, for instance, a lawyer and a paralegal need to have access to one another’s email. If one is compromised, both are compromised. Enforce your policy! When you need a security assessment, do NOT let your IT folks do it. They have a vested interest in the outcome. We could go on, but you get the idea. To adapt Ronald Reagan’s words, “if you must trust, then verify.” No. 6: They Take Their Work Laptop Abroad If you take your work laptop abroad, you take your chances. Some countries are more dangerous than others. We have seen a video of a laptop left in a hotel room in China and watched as two men entered the lawyer’s room and downloaded the entire contents of the laptop. Mind you, not every country is as dangerous as China when it comes to coveting a lawyer’s data. But routinely, large firms have clean laptops that they loan out for trips abroad. For small firms, the cost of an extra laptop or two is well worth it. Make sure you make this a law firm policy requirement. Remember the post roll call words of police Sgt. Phil Esterhaus on Hill Street Blues? “Let’s be careful out there.” Those words apply here – and there may be ethical implications as well. No. 7: They Let Apps Access Their ‘Contacts’ We routinely see lawyers do this. MANY apps ask for access to your “Contacts,” and the average lawyer simply allows it. What are they thinking???? Your “Contacts” contain all kinds of sensitive data — and the integrity of most apps is highly questionable. Many sell data. Several bars have already said it is unethical to allow apps to access your “Contacts.” And they are right! This list could go on and on, but following the advice above should upgrade your cybersecurity significantly! Sharon D. Nelson is a practicing attorney and the president of Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association and the Fairfax Law Foundation. She is a co-author of 18 books published by the ABA. snelson@senseient.com John W. Simek is vice president of Sensei Enterprises, Inc. He is a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) and a nationally known expert in the area of digital forensics. He and Sharon provide legal technology, cybersecurity and digital forensics services from their Fairfax, Virginia firm. jsimek@senseient.com Michael C. Maschke is the CEO/Director of Cybersecurity and Digital Forensics of Sensei Enterprises, Inc. He is an EnCase Certified Examiner, a Certified Computer Examiner (CCE #744) a Certified Ethical Hacker and an AccessData Certified Examiner. He is also a Certified Information Systems Security Professional. mmaschke@senseient.com

In continuation of Microsoft’s series of data security incidents, employees accidentally exposed internal data to the public. The leak exposed an unprotected Azure storage server containing code, scripts, and configuration files. Microsoft has announced that it has fixed a security breach that exposed internal company credentials and files to the open internet. The breach was first discovered by security researchers from cybersecurity firm SOC Radar. According to their report, an internal error resulted in an Azure storage server without password protection being given public access. The exposed data was primarily related to Microsoft’s Bing search engine, including configuration files, code, and scripts that employees used to access a range of internal systems and databases. Consequently, bad actors could identify and access locations for Microsoft's internal data. So far, it has not been made clear how long the data has been exposed. Anuj Mudaliar Assistant Editor - Tech, SWZD opens a new window opens a new window Anuj Mudaliar is a content development professional with a keen interest in emerging technologies, particularly advances in AI. As a tech editor for Spiceworks, Anuj covers many topics, including cloud, cybersecurity, emerging tech innovation, AI, and hardware. When not at work, he spends his time outdoors - trekking, camping, and stargazing. He is also interested in cooking and experiencing cuisine from around the world.

AT&T is notifying 51 million former and current customers, warning them of a data breach that exposed their personal information on a hacking forum. However, the company has still not disclosed how the data was obtained. These notifications are related to the recent leak of a massive amount of AT&T customer data on the Breach hacking forums that was offered for sale for $1 million in 2021. When threat actor ShinyHunters first listed the AT&T data for sale in 2021, the company told BleepingComputer that the collection did not belong to them and that their systems had not been breached. Last month, when another threat actor known as 'MajorNelson' leaked the entire dataset on the hacking forum, AT&T once again told BleepingComputer that the data did not originate from them and their systems were not breached. After BleepingComputer confirmed that the data belonged to AT&T and DirectTV accounts, and TechCrunch reported AT&T passcodes were in the data dump, AT&T finally confirmed that the data belonged to them. While the leak contained information for more than 70 million people, AT&T is now saying that it impacted a total of 51,226,382 customers. "The [exposed] information varied by individual and account, but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and AT&T passcode," reads the notification. "To the best of our knowledge, personal financial information and call history were not included. Based on our investigation to date, the data appears to be from June 2019 or earlier." BleepingComputer contacted AT&T as to why there is such a large difference in impacted customers and was told that some of the people had multiple accounts in the dataset. "We are sending a communication to each person whose sensitive personal information was included. Some people had more than one account in the dataset, and others did not have sensitive personal information," AT&T told BleepingComputer. The company has still not disclosed how the data was stolen and why it took them almost five years to confirm that it belonged to them and to alert customers. Furthermore, the company told the Maine Attorney General's Office that they first learned of the breach on March 26, 2024, yet BleepingComputer first contacted AT&T about it on March 17th and the information was for sale first in 2021. While it is likely too late, as the data has been privately circulating for years, AT&T is offering one year of identity theft protection and credit monitoring services through Experian, with instructions enclosed in the notices. The enrollment deadline was set to August 30, 2024, but exposed people should move much faster to protect themselves. Recipients are urged to stay vigilant, monitor their accounts and credit reports for suspicious activity, and treat unsolicited communications with elevated caution. For the admitted security lapse and the massive delay in verifying the data breach claims and informing affected customers accordingly, AT&T is facing multiple class-action lawsuits in the U.S. Considering that the data was stolen in 2021, cybercriminals have had ample opportunity to exploit the dataset and launch targeted attacks against exposed AT&T customers. However, the dataset has now been leaked to the broader cybercrime community, exponentially increasing the risk for former and current AT&T customers. Update 4/10/24: Added statement from AT&T about discrepancy in numbers. BILL TOULAS Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party SaaS vendor inadvertently exposing a subset of employee data. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. A Home Depot software vendor suffered a data breach leading to the compromise of an undisclosed number of employees. IntelBroker, the threat actor behind the attack claims it has the information of 10,000 Home Depot employees. Home improvement retailer Home Depot confirmed with multiple publishers that it suffered a data break due to a third-party software vendor inadvertently exposing a subset of employee data. Reportedly, the breach was caused by a misconfigured software-as-a-service (SaaS) application.

Explaining a SIEM in Simple Terms (Kind Of …) What Kind of Things Can a SIEM Do for Law Firms? What Are the Core Functions of a SIEM? What Are the Benefits of Using a SIEM for a Law Firm? How Does a Law Firm Implement a SIEM? How Much Will a SIEM Cost Your Small Law Firm? The Role a SIEM Will Play for Your Law Firm

Sometimes, you can’t even trust links with your own domain. As the Cybernews research team has discovered, some BMW subdomains were vulnerable to redirect vulnerability, enabling attackers to forge links… The post Don’t trust links with known domains: BMW affected by redirect vulnerability appeared first on .

Malicious actors have hacked two governmental servers running end-of-life software. The US cybersecurity agency CISA warns that cybercriminals are exploiting a vulnerability in discontinued Adobe ColdFusion versions and urges users… The post Hackers breach US Government agencies running end-of-life software appeared first on .

Microsoft has seized domains and social media accounts belonging to Storm-1152. a large cybercrime actor. The group used the infrastructure to create 750 million fraudulent Microsoft accounts and earn millions… The post Cybercriminals selling fraudulent Outlook accounts taken down by Microsoft appeared first on .

Since the public release of ChatGPT, the adoption of artificial (AI) and machine learning (ML) systems has seen a significant boost. Companies are now rushing to integrate AI technology for… The post AI under criminal influence: adversarial machine learning explained appeared first on .

Prospect Medical Holdings admits that it was hacked, with hundreds of thousands of employees and patients left affected. Prospect Medical Holdings is a healthcare company operating more than 150 clinics… The post Hackers attack US healthcare giant, more than 190K people affected appeared first on .

Inside the Newsletter | November 2023 Watch Out for Ransomware Pretending to Be a Windows Update!  Gadget of The Month  Smart Home Safety Tips  What Is Microsoft Sales Copilot? Biggest… The post November Newsletter appeared first on .

Thousands of users are expressing frustration on X or review sites, as Facebook’s fight against fake accounts affects innocent bystanders. In case your Facebook account gets hacked or disabled, prepare… The post Facebook has deleted four planets’ worth of fake users – while real people struggle to get support appeared first on .

Cl0p ransomware gang may have garnered a lot of attention with this year’s high-profile string of MOVEit hacks, but now it’s also on the radar of the cybersecurity industry. FalconFeeds.io… The post Cl0p study sheds light on rising ransom gang appeared first on .

Inside the Newsletter | September 2023 Spot Fake LinkedIn Sales Bots Have You Tried Microsoft Designer?  Technologies to Help Run Your Small Business Better Tech Trends to Fuel Your Growth… The post September Newsletter appeared first on .

Cloud-based software company Salesforce was left wide open to a cyberattack exploiting the reputation of tech giant Meta thanks to a previously undetected bug, cybersecurity firm Guardio has disclosed. “The… The post Zero-day bug exploiting Meta hits Salesforce appeared first on .

While the performance of current AI systems may seem impressive, there’s a long way to go before we’re likely to see true human-like capabilities. AI is everywhere – or so… The post Three different types of artificial intelligence, explained appeared first on .

Inside the Newsletter | August 2023 What is Zero-Click Malware? Common Tech Myths 7 Cybersecurity Risks of Remote Work Page  7 Advantages of a Defense-in-Depth / Cybersecurity Strategy Page  Tech… The post August Newsletter appeared first on .

ChatGPT’s API program, designed to incorporate artificial intelligence (AI) functionality into pre-existing apps and software, comes with a considerable cybersecurity risk, warns analyst Endor Labs. Its research team found that… The post Malware risk in AI software packages, warns analyst appeared first on .

Millions of malicious IP addresses are analyzing the internet daily in an attempt to find security holes in networks. CrowdSec has recently released a Majority Report looking into the landscape… The post No, criminals are not in love with VPNs, expert insists appeared first on .

Inside the Newsletter | July 2023 Is Your Online Shopping App Invading Your Privacy? How Microsoft 365 Copilot Is Going to Transform M365 Apps Fight Business Email Compromise 10 Helpful… The post July Newsletter appeared first on .

Managing data and IT solutions in-house can be challenging and expensive. That’s why many organizations turn to MSPs. Digitalization has forced businesses to alter their operations and make IT a… The post What Is an MSP (And How to Choose the Right One for Your Business) appeared first on .

Cloud computing has been front and centre of the global shift to remote working. Find out how you can maximize this technology for your small business. The onset of the… The post Seven Ways to Maximize Cloud Solutions for Your Small Business appeared first on .

Inside the Newsletter | June 2023 Is it time to ditch the password for more secure passkeys? Create dashboard in power BI What is push-bombing? How to use ChatGPT at… The post June Newsletter appeared first on .

Most of us have heard that chip cards are more secure. When it comes to processing credit cards and debit cards, chip cards have been the standard for many years.… The post Is Swiping Chip Cards Putting Your Business at Risk? appeared first on .

Discover the compelling potential while exploring the ethical implications of an AGI-defined future. In 2023, tech giants are racing to leverage generative AI. Many are already looking beyond the capabilities… The post Unleashing artificial general intelligence: utopia or dystopia? appeared first on .

HAYS, Kan. – Kansas farmers battered by drought and heat now have more weather to worry about — in outer space. An expected surge in solar flares over the next several… The post How weather in outer space could cost Midwestern farmers $1 billion appeared first on .

We’ve compiled a list of disruptive innovations that are shaping the technological landscape around the world and shaping our future through reports from reputable scientific journals and the world’s largest… The post 10 Most Important Technologies Of 2023 appeared first on .

Online reputation can make or break your chances of landing and retaining clients. That’s why managing this aspect in your business is critical. Your store, whether brick-and-mortar or online, looks… The post The Importance of Online Reputation Management (And 8 Tips To Improve It) appeared first on .

Scaling your business doesn’t just entail having suitable systems, staff, or partners. It also includes finding new and innovative ways to save time and money. And that’s where Virtual Reality… The post Immersive Experiences Can Scale Your Business – The 5 Ways Virtual Reality Can Save Your Business Time and Money appeared first on .

When you see those people with two monitors, you may assume they do some specialized work that requires all that screen space, or they just really like technology. But having… The post Are Two Monitors Really More Productive Than One? appeared first on .

New research shows hackers are exploiting ChatGPT to write usable malware and sharing their results on the dark web. The latest report, from cybersecurity software retailer Check Point, backs recent… The post Threat actors can use ChatGPT to create deployable malware appeared first on .

Just five or six years ago, VoIP was still considered a “different” type of business phone system. One that wasn’t the norm. But the pandemic changed that way of thinking.… The post What Are the Most Helpful VoIP Features for Small Businesses? appeared first on .

Leaked API keys of three popular email service providers allowed threat actors to perform various unauthorized actions such as sending emails, accessing mailing lists and personal data, deleting API keys,… The post MailChimp, Mailgun, and Sendgrid API leak endangered over 54m users appeared first on .

It seems that nearly as long as passwords have been around, they’ve been a major source of security concern. Eighty-one percent of security incidents happen due to stolen or weak passwords. Additionally,… The post What Are the Advantages of Implementing Conditional Access? appeared first on .

The use of artificial intelligence (AI) in cyberattacks is quite limited, but the situation might change, and soon, with intrusions becoming much more advanced than current incidents, a new report… The post AI-enabled cyberattacks might become norm in next five years appeared first on .

With the continuing shift towards remote working, health is an ongoing concern. Find out how to stay healthy even when you’re working from home. The global pandemic resulted in many… The post Working From Home – The Six Simple Ways to Stay Healthy When You’re No Longer Commuting appeared first on .

After being the main entry to the internet in the late 1990s and early 2000s, Internet Explorer (IE) is gone. As of June 15, 2022, Microsoft dropped the web browser from support.… The post Internet Explorer Has Lost All Support (What You Need to Know) appeared first on .

The pandemic has been a reality that companies around the world have shared. It required major changes in how they operate. No longer, did the status quo of having everyone… The post 5 Mistakes Companies Are Making in the Digital Workplace appeared first on .

Microsoft has acknowledged a critical zero-day vulnerability in Windows affecting all major versions, including Windows 11, Windows 10, Windows 8.1, and even Windows 7. The vulnerability, identified with the tracker… The post How to Fix Microsoft “Follina” MSDT Windows Zero-Day Vulnerability appeared first on .

Cyberattacks grabbed headlines throughout 2021 as massive disruptions affected government agencies, major companies and even supply chains for essential goods like gasoline and meat. The year started off on a… The post Hacks, ransomware and data privacy dominated cybersecurity appeared first on .

The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. Bleeping computer… The post FBI: Ransomware gang breached 52 US critical infrastructure orgs appeared first on .

Trying to stop all spam email is tough, but there are ways for you to thwart the majority of it from reaching your inbox.  Spam email is unwanted and often… The post 7 ways to stop spam email from clogging your inbox appeared first on .

  China had its sputnik moment in March 2016. That month an artificial intelligence programme, AlphaGo, beat a South Korean grandmaster at Go, an extremely complex and demanding Chinese board game.… The post TechScape: how China became an AI superpower ready to take on the United States appeared first on .

Earlier this year, news broke that foreign hackers had for months been secretly monitoring email accounts and communications between US government officials in charge of identifying foreign threats to national security. The… The post Doing these 5 things can help you lock down your Microsoft 365 account and keep hackers at bay appeared first on .